W32.Downadup.B virus unable to delete SEPM
Updated: 21 May 2010 | 4 comments
Hi,
We are using SEP 11 MR4 SP1 in our environment. On some XP Pro systems the Symantec popup says that the W32.Downadup / W32.Downadup.B virus was found and that a system restart is needed to take the action (clean or delete). When we restart the system and run a full scan, the same popup comes again and again.
When we run the Symantec W32.Downadup removal tool (FixDownadup.exe), it successfully deletes the virus from the system.
1. My question is: why is the removal tool able to remove the virus while SEP is not?
2. We have thousands of systems in our network, and hundreds of them are infected with the W32.Downadup virus. We are not able to go to each and every system and run this tool. Is there any solution to clean W32.Downadup from SEPM?
Comments
W32.Downadup
There is no possibility (that I am aware of) to remove Downadup on an infected system with SEP alone. The same goes for all viruses that hide themselves in the System Restore data or rootkits.
Manual removal is necessary. But with FixDownadup.exe you should be able to create a script with the appropriate switches, together with psexec.exe, to clean more than one PC at a time. If you need to reboot into Safe Mode, I am not sure whether this will work.
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
Downadup is spreading mainly by exploiting this vulnerability:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
If you update your systems with this patch you might reduce the damage. Unfortunately you already have it in your systems, continuing to spread between computers.
When Downadup infects a machine on the internal LAN it can spread very fast. It can infect through USB sticks and mapped drives.
If you have weak passwords for admin accounts, it tries through "brute force" attacks to find a way to use these accounts to spread the virus further remotely.
https://forums2.symantec.com/t5/blogs/blogarticlepage/blog-id/malicious_code/article-id/225
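The "script with psexec.exe" approach suggested above, written out as an added example (this is not code from the original thread, from Symantec, or from Sysinternals). It assumes a constructed hosts.txt with one hostname per line, PsExec.exe and FixDownadup.exe in the working directory, and an account with local administrator rights on every target. The PsExec switches used (-accepteula, -s, -c, -f) are real PsExec options; no switches are assumed for FixDownadup.exe itself, so add those after the tool name only once confirmed from the tool's own documentation.

```powershell
# Added example: run a removal tool on a list of hosts via PsExec and
# collect one log per host plus a summary of exit codes.
# Assumptions: .\hosts.txt (constructed, one hostname per line),
# .\PsExec.exe and .\FixDownadup.exe present locally, admin rights on targets.
param(
    [string]$HostList = ".\hosts.txt",
    [string]$Tool     = ".\FixDownadup.exe",
    [string]$PsExec   = ".\PsExec.exe",
    [string]$LogDir   = ".\logs"
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

foreach ($line in Get-Content $HostList) {
    $target = $line.Trim()
    if ($target -eq "") { continue }

    # Offline hosts are recorded rather than silently skipped, so the list
    # can be re-run later; a Downadup cleanup is only complete when every
    # host on the segment has been handled.
    if (-not (Test-Connection -ComputerName $target -Count 1 -Quiet)) {
        Add-Content -Path (Join-Path $LogDir "unreachable.txt") -Value $target
        continue
    }

    $log = Join-Path $LogDir "$target.log"

    # -accepteula : suppress the EULA prompt on first use
    # -s          : run as LocalSystem so the tool can stop protected processes
    # -c          : copy the tool to the remote host before executing it
    # -f          : overwrite a copy left behind by an earlier run
    # Tool-specific switches (e.g. a silent or log switch) would go after $Tool
    # once verified; none are assumed here.
    & $PsExec "\\$target" -accepteula -s -c -f $Tool *> $log

    "$target exit=$LASTEXITCODE" | Add-Content -Path (Join-Path $LogDir "summary.txt")
}
```

Run it from an administrative PowerShell prompt on a management workstation. The summary file is what you feed back into SEPM afterwards: hosts with a non-zero exit code or in unreachable.txt still need the manual visit described in the thread, while the rest can be queued for the full scan.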
W32.Downadup
Maximilian is correct. I only have a few things to add:
1) The main reason a removal script will outperform SEP is that removal scripts are designed to look for and kill specific processes, remove specific registry entries, and scan the specific file system paths the virus is known to occupy. It's an optimized direct strike, whereas SEP is doing broad-based, catch-all type protection. While SEP may be attacked by the virus, the removal script is unknown to it (unless the malware writer updates the virus to look for it), so it gets a direct shot at attacking/removing it.
2) There is no SEPM-based solution for dealing with Downadup. Maximilian's script solution is the best way to deal with the remediation process quickly and remotely. After the script finishes, you then use SEPM to schedule a full scan on all infected systems. In the cases where the script won't work, instead of booting into Safe Mode and running the removal tool plus a full system scan, I would take a laptop to the infected system and remove the hard drive. Using a SATA/IDE-to-USB adapter, I would slave the drive to the laptop and run just a full scan against the drive. This will allow you to scan the infected drive without the virus trying to thwart your remediation effort, and it will run much faster than if you booted from the infected drive. Obviously, that's too much to do on all the systems, but it does speed up the process of the manual visits.
Downadup.B
It seems the removal tool is not so effective. Even if I remove the risk in Safe Mode, once the system starts up it still encounters that repeating risk?
But the situation is a bit different, because we are implementing Symantec Corporate Edition 10.0.
Please help if you have another solution than that?
Cambodian, Phnom Penh
I would guess that you have not patched your Microsoft systems. You must first use Windows Update to get all security fixes, otherwise you will get infected again from the network (assuming you have more than one infected machine).
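A way to check the point made in this last reply before re-running any cleanup: report which hosts still lack the MS08-067 update. This is an added example, not code from the thread or from Microsoft. It assumes a constructed hosts.txt (one hostname per line) and that remote WMI is reachable from an administrative account; Get-HotFix queries Win32_QuickFixEngineering on each target. The KB number used for MS08-067 is given as a parameter so it can be confirmed against the bulletin linked earlier in the thread.

```powershell
# Added example: find hosts that are missing the MS08-067 security update.
# Assumptions: .\hosts.txt (constructed), remote WMI/RPC reachable, admin rights.
param(
    [string]$HostList = ".\hosts.txt",
    # KB article number for the MS08-067 update; confirm against the bulletin.
    [string]$KB = "KB958644"
)

$results = foreach ($line in Get-Content $HostList) {
    $target = $line.Trim()
    if ($target -eq "") { continue }

    try {
        # Listing all hotfixes and filtering avoids the "not found" error path
        # that Get-HotFix -Id raises, so a missing patch is a result, not an error.
        $fix = Get-HotFix -ComputerName $target -ErrorAction Stop |
               Where-Object { $_.HotFixID -eq $KB }
        if ($fix) { $status = "patched" } else { $status = "MISSING $KB" }
    }
    catch {
        # Unreachable or WMI-blocked hosts are reported separately; they may
        # themselves be infected machines whose services are disrupted.
        $status = "unreachable: $($_.Exception.Message)"
    }

    [pscustomobject]@{ Host = $target; Status = $status }
}

$results | Sort-Object Status | Format-Table -AutoSize

# Hosts still missing the update are written out so they can be patched
# before any removal tool is run on them; otherwise they are reinfected
# over the network as soon as the cleanup finishes.
$results | Where-Object { $_.Status -like "MISSING*" } |
    Select-Object -ExpandProperty Host |
    Set-Content -Path .\unpatched.txt
```

The ordering matters: patch the hosts in unpatched.txt first, then run the removal tool, then schedule the SEPM full scan, which is the sequence the replies above converge on.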